Primary

Context

Kiwire Captive Portal Blind SQL Injection Vulnerability

Vulnerability

A blind SQL injection vulnerability has been identified in the Kiwire Captive Portal, specifically in the nas-id parameter. This vulnerability allows attackers to execute SQL commands that could compromise the associated database.

Impact

Exploitation of this vulnerability could lead to unauthorized database access and manipulation, allowing attackers to execute arbitrary SQL commands that could, for example, extract, modify, or delete database information.

Remediation

Users are advised to update to the latest version of Kiwire, where this vulnerability has been addressed.

Added: Oct 10, 2025, 11:26 AM

Updated: Oct 10, 2025, 11:26 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Kiwire Captive Portal Blind SQL Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating